APIs pose security risks, but don’t shy away from them

Aaron Tan
Last updated: August 4, 2015 at 6:59 PM
Published: August 4, 2015


As more organisations provide APIs (application programming interfaces) to encourage third-party developers to create new and interesting apps using their data, the issue of API security naturally comes to mind.

After all, APIs offer pathways to an organisation’s data assets that could be compromised if necessary safeguards are not in place. Making things worse is the fact that APIs are – as their name suggests – programmable, which means hackers can program them to get to the data they want.

Indeed, earlier this year, hackers stole the social security numbers, birth dates and addresses of 100,000 US taxpayers, using the US Inland Revenue Service’s GetTranscript API.

“These third parties gained sufficient information from an outside source before trying to access the IRS site, which allowed them to clear a multi-step authentication process, including several personal verification questions that typically are only known by the taxpayer,” the IRS said recently.

One of the ways in which organisations can minimise the security risks posed by APIs is to use an API management platform such as Mashery, an Intel company that takes care of API security and makes APIs available to developers.

“It’s safer to expose data to a platform like ours that lets you turn on access during a hackathon, limit the number of people who can access the data, and turn off access when they’re done,” said Jason Cormier, API strategy and product evangelist at Intel Australia.

However, that does not mean API management platforms like Mashery take security lightly. As a cloud-based service, Mashery has its fair share of cyber attacks each day.

“We encounter security problems like everybody else, but we haven’t had any data breach or a successful attack that brought us down,” said Boaz Maor, vice president for customer success at Mashery, adding that the company employs a security operations team that works round the clock.

Additionally, Mashery has implemented measures to bring its service back online in the event of a security incident or downtime. For example, while the service is hosted on Amazon Web Services, Mashery also runs a parallel private network that serves as a backup.

Cormier advised companies that are concerned about security not to dismiss APIs entirely, as some developers may use their data in a mutually beneficial way.

He cited the example of Yellow Pages – a Mashery customer – that had problems with users screen-scraping data from its site to create useful third-party apps.

“They were tired of this, and decided to give people a legal channel from which data could be accessed easily,” Cormier said. “And by doing so, they were able to see what people were doing with the data, and suddenly they were more secure and had more control over their data than before.”

According to technology research firm Gartner, the API management market was worth about US$618 million in 2014.

1 Comment
  • Dmitry Sotnikov says:
    August 5, 2015 at 4:38 pm

    There are a few other aspects of improved security in API Management solutions like Mashery or WSO2 API Cloud (http://wso2.com/cloud/api-cloud – disclosure: I work there):
    1. Analytics integrated with the API gateway – so you can track the trends or even have an automated fraud detection system enabled and firing alarms on suspicious behavior,
    2. Integrated security (OAuth token management, etc.) and the ability to manage & block accounts that need to be blocked.

    The bottom line of the story is that basically:
    * Whether to have APIs is a business & architectural decision,
    * Once you decide to have APIs, you need to have an API management solution so you maintain (and actually improve) security.
